You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by lu...@apache.org on 2005/03/24 05:08:02 UTC
cvs commit: jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler JspConfig.java
luehe 2005/03/23 20:08:01
Modified: webapps/docs changelog.xml
jasper2/src/share/org/apache/jasper/xmlparser
ParserUtils.java
jasper2/src/share/org/apache/jasper/compiler JspConfig.java
Log:
Fix for Bugzilla 34034 ("Jasper didn't respect external entities")
based on patch by <wi...@wilshire.com>
Revision Changes Path
1.255 +8 -0 jakarta-tomcat-catalina/webapps/docs/changelog.xml
Index: changelog.xml
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/webapps/docs/changelog.xml,v
retrieving revision 1.254
retrieving revision 1.255
diff -u -r1.254 -r1.255
--- changelog.xml 23 Mar 2005 16:38:05 -0000 1.254
+++ changelog.xml 24 Mar 2005 04:08:01 -0000 1.255
@@ -118,6 +118,14 @@
</update>
</changelog>
</subsection>
+
+ <subsection name="Jasper">
+ <changelog>
+ <fix>
+ <bug>34034</bug>: Jasper does not respect external entities (billbarker)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Cluster">
<changelog>
1.13 +20 -3 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser/ParserUtils.java
Index: ParserUtils.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/xmlparser/ParserUtils.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- ParserUtils.java 21 Mar 2005 15:38:12 -0000 1.12
+++ ParserUtils.java 24 Mar 2005 04:08:01 -0000 1.13
@@ -73,12 +73,12 @@
* that corresponds to the root node of the document tree.
*
* @param uri URI of the XML document being parsed
- * @param is Input stream containing the deployment descriptor
+ * @param is Input source containing the deployment descriptor
*
* @exception JasperException if an input/output error occurs
* @exception JasperException if a parsing error occurs
*/
- public TreeNode parseXMLDocument(String uri, InputStream is)
+ public TreeNode parseXMLDocument(String uri, InputSource is)
throws JasperException {
Document document = null;
@@ -116,6 +116,23 @@
}
+ /**
+ * Parse the specified XML document, and return a <code>TreeNode</code>
+ * that corresponds to the root node of the document tree.
+ *
+ * @param uri URI of the XML document being parsed
+ * @param is Input stream containing the deployment descriptor
+ *
+ * @exception JasperException if an input/output error occurs
+ * @exception JasperException if a parsing error occurs
+ */
+ public TreeNode parseXMLDocument(String uri, InputStream is)
+ throws JasperException {
+
+ return (parseXMLDocument(uri, new InputSource(is)));
+ }
+
+
// ------------------------------------------------------ Protected Methods
1.18 +15 -6 jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java
Index: JspConfig.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspConfig.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- JspConfig.java 21 Mar 2005 15:38:12 -0000 1.17
+++ JspConfig.java 24 Mar 2005 04:08:01 -0000 1.18
@@ -19,6 +19,7 @@
import java.io.InputStream;
import java.util.Iterator;
import java.util.Vector;
+import java.net.URL;
import javax.servlet.ServletContext;
@@ -27,6 +28,7 @@
import org.apache.jasper.JasperException;
import org.apache.jasper.xmlparser.ParserUtils;
import org.apache.jasper.xmlparser.TreeNode;
+import org.xml.sax.InputSource;
/**
* Handles the jsp-config element in WEB_INF/web.xml. This is used
@@ -57,17 +59,22 @@
private void processWebDotXml(ServletContext ctxt) throws JasperException {
- InputStream is = null;
+ InputStream is = null;
try {
- is = ctxt.getResourceAsStream(WEB_XML);
- if (is == null) {
+ URL uri = ctxt.getResource(WEB_XML);
+ if (uri == null) {
// no web.xml
- return;
+ return;
}
- ParserUtils pu = new ParserUtils();
- TreeNode webApp = pu.parseXMLDocument(WEB_XML, is);
+ is = uri.openStream();
+ InputSource ip = new InputSource(is);
+ ip.setSystemId(uri.toExternalForm());
+
+ ParserUtils pu = new ParserUtils();
+ TreeNode webApp = pu.parseXMLDocument(WEB_XML, ip);
+
if (webApp == null
|| !"2.4".equals(webApp.findAttribute("version"))) {
defaultIsELIgnored = "true";
@@ -173,6 +180,8 @@
jspProperties.addElement(propertyGroup);
}
}
+ } catch (Exception ex) {
+ throw new JasperException(ex);
} finally {
if (is != null) {
try {
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org